<?php
include "validate.php";

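// Front-page post handler: stores a topic/comment pair for the logged-in
// account, then redirects to account.php with a status in $_SESSION['message'].
//
// NOTE(review): relies on the legacy mysql_* extension (removed in PHP 7) and on
// a database connection and session presumably set up by validate.php - confirm.
// When the data layer is migrated, replace the string-built queries below with
// prepared statements (PDO or mysqli) instead of manual escaping.
// NOTE(review): the session holds the plaintext password and the stored hash is
// unsalted SHA-1. Moving to password_hash()/password_verify() needs a schema and
// login change outside this script.

// Accept only plain string fields; array-shaped input ("topic[]=x") would
// otherwise reach strlen() and the escaper as an array.
$topic = (isset($_POST["topic"]) && is_string($_POST["topic"])) ? $_POST["topic"] : "";
// The original fallback cleared $topic here, leaving $comments undefined.
$comments = (isset($_POST["comments"]) && is_string($_POST["comments"])) ? $_POST["comments"] : "";

if (strlen($topic) > 0 && strlen($comments) > 0)
{
	$username = (isset($_SESSION['username']) && is_string($_SESSION['username'])) ? $_SESSION['username'] : "";
	$password = (isset($_SESSION['password']) && is_string($_SESSION['password'])) ? $_SESSION['password'] : "";

	$row = false;

	// An empty user name must never resolve to an account.
	if (strlen($username) > 0)
	{
		// Exact match on an escaped value: the previous LIKE '%...%' form could
		// resolve to a different account whose name merely contains the session
		// user name, and the value was concatenated unescaped.
		// NOTE(review): assumes account_pass stores the bare sha1() hex digest - confirm.
		$query = "	SELECT account_id AS ID
				FROM login
				WHERE user_name = '" . mysql_real_escape_string($username) . "'
					AND account_pass = '" . sha1($password) . "';";

		$result = mysql_query($query);

		// mysql_query() returns false on failure; do not pass that to the fetch.
		if ($result !== false)
			$row = mysql_fetch_array($result);
	}

	if ($row)
	{
		// Escape exactly once, at the point of use (the values were previously
		// escaped twice, which stored stray backslashes), and force the id to an
		// integer because it is interpolated unquoted.
		$query = "	INSERT INTO front_page (topic, comment_text, submit, account_id)
				VALUES ('" . mysql_real_escape_string($topic) . "', '" . mysql_real_escape_string($comments) . "', '" . date('Y-m-d H:i:s') . "', " . (int) $row['ID'] . ");";

		// Report success only when the insert actually went through.
		if (mysql_query($query))
			$_SESSION['message'] = "Update Success!";
		else
			$_SESSION['message'] = "Update Failed";
	}
	else
	{
		$_SESSION['message'] = "Can't Verify User";
	}
}
else
{
	$_SESSION['message'] = "Invalid Topic Format";
}

// Every path ends in the same redirect; stop here so nothing else is emitted
// after the Location header.
header("Location:account.php");
exit;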
?>

